Defending against computer viruses.
by McDuffie, R. Steve
System infectors are attached to either an operating system module or a system device driver. A well-known system infector virus is the Lehigh virus.
Generic application infectors make up the third and most widespread category of viruses. These viruses may attach to any application program. This type of virus gains control when an infected application program is run. At that point, the virus searches the system for additional host programs, either on hard disks or diskettes. After the search ends, usually with further spread of the virus, it returns control to the host program. Well-known generic application infectors include the Scores virus, Israeli virus, and nVir virus.
There has been some difficulty in distinguishing among the different types of computer problems associated with viruses. Some common virus-related terms are as follows:
Mole. A mole is a program that gains access to a system using a method not usually allowed or known to exist.
Bomb. A bomb is a group of code statements that are engaged when certain logical or physical criteria are met. Time bombs are initiated by a date or time criterion. A logic bomb is initiated by some specific event.
Trap Door. The trap door is defined as a gap in programming code that is intentionally included in a system or program. A trap door can facilitate debugging a program but it may be used for malicious purposes as well.
Trojan Horse. A Trojan Horse is a type of trap door program. A Trojan Horse involves hidden programming code within a program to provide unauthorized entry into a system.
Problems Caused by a Virus
A computer virus can cause any number of problems for a company and its computer applications. A virus can cause significant harm by merely replicating itself many times. A program that only replicates itself without destroying other programs or data is referred to as a "worm." The replicating activity of a virus or worm program will quickly use up valuable disk space and bog down the computing power of a system.
A very critical concern to accountants is the possibility that a virus can delete or damage valuable computer files. Files containing payroll information, accounts receivable ledger listings, or purchase orders are all highly valuable information. Deletion or damage to these files could adversely affect a company's operations.
Infected computer systems pose a very significant problem. Time and company resources are required to remove a virus, replace important files with backup copies, update backup copies, and test the system. Perhaps the most significant problem a computer virus presents to an organization is the interruption of its operations. Once damage caused by a virus is discovered, the time involved in curing the problem can be massive. A virus can interrupt the day-to-day activity of the company and cause the firm difficulties in dealing with the public (such as taking customer orders, processing supplies, etc.).
Another significant problem is the bad publicity a firm may experience if the public becomes aware of the virus problem. No firm wants to be identified as the latest organization infected by a virus, particularly one that could spread to customers or suppliers through electronic billing procedures.
Failure to discover a virus can have serious ramifications regarding financial reports. Reported financial information, both internal and external, can be significantly distorted if a virus has infected the system from which the reports are generated.
Accountants can take measures to prevent computer viruses from attacking their company's systems. The following guidelines should be disseminated to all company personnel involved in computer use or maintenance.
1. Backup copies of all programs and data files should be made at regular intervals, such as weekly or monthly.
2. Public-domain software such as freeware and shareware should be used with extreme care. Always test for virus presence before use.
3. Users should routinely test all software for viruses, both retail-purchased and public-domain programs.
4. Users should always boot a system from the original write-protected disk. In the case of hard disk systems, a user should avoid booting from an untested diskette.
5. Users should enter meaningful volume labels on all hard disks and diskettes, and routinely check volume labels when the DIR command is executed. Inspect the labels for changes.
6. Users should be wary of unusual system activities such as less available system memory than normal, or turned-on access lights on a system device when there should be no activity.
Finally, internal security policies should ensure that the company's disaster recovery plan takes into account the risk of damage to records from computer viruses.
In addition to routine security procedures, special antiviral programs can help combat the virus threat. There are three categories of antiviral programs: infection preventers, infection detectors, and infection identifiers. Programs in the first group, infection preventers, monitor system activities and watch for signs of attempted replication. The programs monitor up-loading and down-loading procedures and watch for indications of a virus trying to gain access to executable programs. When a virus is detected, the infection preventer program freezes system activity before the virus completes infiltration, and notifies the user so that the virus can be removed. Unfortunately, boot infectors cannot be prevented in this manner because they occur before the prevention program is loaded.
The second group of anti-viral programs is referred to as infection detectors. These programs can detect viruses soon after the initial infection has occurred. Detectors are effective against most generic viruses and have two forms. One is called a vaccination, which will place a self-test mechanism in each program. The self-test is executed each time a program is run and checks for any alteration of the sequence of instructions. However, vaccinated programs can become reinfected. The other type of detector program is called a snapshot. Snapshots are one of the most effective means of defense. This program makes a log of all important information when a system is initially installed. This allows the system to be periodically compared with the log to check for changes that might have occurred because of a virus. However, using a snapshot can be very time-consuming.
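The snapshot approach described above, sketched as an added example (not from the original article or from any product it lists): it logs the size and SHA-256 digest of each executable at install time and later reports programs that were modified, added or removed. The extension list, the function names and the sample files are assumptions constructed for the illustration.

```python
import hashlib
import os
import tempfile

# Extensions treated as executable host programs (an assumption for this example).
EXECUTABLE_EXTS = {".com", ".exe", ".sys"}

def file_digest(path, chunk=65536):
    """SHA-256 of a file, read in chunks so large programs do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def take_snapshot(root):
    """Log size and digest of every executable under root (the 'snapshot')."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in EXECUTABLE_EXTS:
                path = os.path.join(dirpath, name)
                snap[os.path.relpath(path, root)] = (os.path.getsize(path), file_digest(path))
    return snap

def compare_snapshot(baseline, current):
    """Return programs that were modified, added or removed since the baseline."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }

def demo():
    """Constructed sample: small files standing in for installed programs."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in [("LEDGER.EXE", b"payroll"), ("EDIT.COM", b"editor"), ("NOTES.TXT", b"text")]:
            with open(os.path.join(root, name), "wb") as f:
                f.write(body)
        baseline = take_snapshot(root)  # taken when the system is first installed
        with open(os.path.join(root, "LEDGER.EXE"), "ab") as f:
            f.write(b"extra bytes")     # a host program changes after the baseline
        with open(os.path.join(root, "NEW.COM"), "wb") as f:
            f.write(b"unknown")
        os.remove(os.path.join(root, "EDIT.COM"))
        return baseline, compare_snapshot(baseline, take_snapshot(root))

if __name__ == "__main__":
    print(demo()[1])
```

The comparison is only as trustworthy as the stored log, so the baseline belongs on write-protected media; hashing every program on each check is also where the time cost noted above comes from.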
The third group of anti-viral programs is known as infection identifiers. These programs are basically antidotes for specific viruses. The main disadvantage of these programs is that a great deal of time is usually required to produce an antidote.
The number of powerful anti-viral programs is growing rapidly, but so are the types of viruses. Anti-viral programs range in cost from a few dollars to hundreds of dollars. Several popular programs are listed in Exhibit 1. Exhibit 2 offers a brief comparison of selected features.
EXHIBIT 1 ANTI-VIRUS SOFTWARE PACKAGES
Central Point Anti-Virus
Central Point Software, Inc.
15220 NW Greenbrier Pkwy. #200
Beaverton OR 97006
Command Software Systems
1061 Indian Town Road #500
Jupiter FL 33477
The Norton AntiVirus
10201 Torre Ave.
Cupertino CA 95014
Trend Micro Devices, Inc.
2421 W. 205th St. #D-100
Torrance CA 90501
Fifth Generation Systems, Inc.
10049 N. Reiger Road
Baton Rouge LA 70809
EXHIBIT 2 FEATURE COMPARISON OF ANTI-VIRUS SOFTWARE PACKAGES
(Range: Poor, Fair, Good, Excellent)
Source: PC Magazine, March 16, 1993
The accountant may be concerned about whether there is any legal recourse for the victims of a virus attack. People who write virus programs are somewhat insulated from prosecution because no law exists specifically making computer viruses a crime. Fortunately, the Computer Fraud and Abuse Act of 1986 makes it a felony to gain unauthorized access to classified information. The act also makes it a misdemeanor to access financial records and credit histories in financial institutions or to trespass into a federal government computer system.
Victims of computer viruses also have legal recourse against the person who perpetrated the virus because disseminating a virus can be construed as a malicious act. Recourse against a commercial software producer who unwittingly sells a program containing a virus depends on the particular state laws' stance on "shrink-wrap" contracts. Although some law experts specify that a manufacturer could be liable, shrink-wrap contracts state that the software is sold "as is," and that the manufacturer is not liable for defects or damage to the user's system.
Although popular media coverage has diminished, the computer virus threat is still very real. By taking protective steps such as adopting virus prevention measures and using anti-viral software for the detection, identification, and prevention of computer viruses, accountants can help safeguard their company's systems from infection and damage.
The CPA Journal is broadly recognized as an outstanding, technical-refereed publication aimed at public practitioners, management, educators, and other accounting professionals. It is edited by CPAs for CPAs. Our goal is to provide CPAs and other accounting professionals with the information and news to enable them to be successful accountants, managers, and executives in today's practice environments.
©2009 The New York State Society of CPAs.